There seems to be a few threads on a similar subject (new portal transition and losing "features"), so was not sure where to post in reply. @LiorShapira you seem happy to want the feedback...

 

The only scheduled report we use DAILY is the Modifications to sensitive groups, and if you think logically about that, it is a rational report that is useful on a schedule. MDI has seemingly good logic in what these are, and being informed by push notification is exceedingly important (be even better if we didn't get emailed when there are ZERO entries in there, but hey!)...one does not want to have to run an adhoc query to do that - it is a backward step. Currently, I think the suggestion as  a "workaround" is to run the Advanced Hunting query and define the groups your are interested in - that is not workable at all.  This alone would stop us moving to the new portal, as pathetic as that seems.  FWIW, I actually like the new portal...just struggling to find things. I know there is a mapping table to show where things are...but it doesn't say what is missing or being thought about  !

@StuartH . Thanks for your feedback, I appreciate it.  We will take it into account and will make sure to update the documentation. 

Thanks
Can I ask though....as we have reverted to the "old" portal, the (mod to sensitive groups etc) reports are emailed, and still valid/accessed just fine. The moment we flip to the new portal, the link obviously fails. The new portal REMOVES the ability to schedule and also, even if it existed before, access to the data is removed too...even though the reports are still emailed ! This seems all wrong

@LiorShapira, we utilized the weekly scheduled reports too and they stopped working when the MDI portal redirection was enabled.  

 

Are there plans to migrate this functionality to security.microsoft.com or another portal?  If not, I recommend adding some information to the emailed reports sharing the reports will be deprecated and steps to disable them.  BTW, with the portal redirection is enabled, there is no way to disable the reports.  If June 30th comes and the portal redirection is forced, there will be no way for people to disable the email reports and people will start putting in tickets if they are using the reports.

@josequintino I am a little stunned that Microsoft are just yanking [very used] features away, and think that is acceptable. I see the portal notice (saying Jan 31) is now replaced with July 31 - surely that is time enough to get a satisfactory solution in place ?  Atleast expand on this and come up with something workable for all of your customers, and not making us do the work:

 

"To use the Microsoft Graph Security API:
1- Register an application in Azure AD and grant the necessary permissions.
2- Use the API to fetch alerts and related information from the Microsoft 365 Defender portal.
3- Create custom reports using the fetched data and schedule them to be sent via email or any other preferred method."

 

It just seems like you are dropping a lot of the good features that we purchased Azure ATP (MDI) for

Hello @StuartH I understand your concerns regarding Microsoft's decision to remove certain features from Azure ATP (MDI). While I am not a Microsoft representative, I can attempt to provide some context and potential suggestions for addressing these changes.

Firstly, it's important to acknowledge that technology companies like Microsoft often make decisions to remove, modify, or replace features based on factors like market demand, product strategy, or shifting priorities. While these decisions can be frustrating for customers, they are usually made with the goal of improving the overall product experience.

Regarding the Microsoft Graph Security API, the three steps you mentioned can help you continue accessing the features you need:

1- Registering an application in Azure AD and granting permissions: This is a one-time setup process that enables your application to interact with the Microsoft Graph Security API. You can follow Microsoft's official documentation to guide you through this process.
2- Fetching alerts and related information: With your application registered and permissions granted, you can use the API to fetch alerts and related data from the Microsoft 365 Defender portal. This will allow you to continue monitoring your environment and taking necessary actions to ensure security.
3- Creating custom reports: You can use the fetched data to create custom reports tailored to your organization's needs. This way, you can maintain visibility and control over the aspects that are most important to you.

While these steps do require some additional work from your end, they provide a way to adapt to the changes introduced by Microsoft. Additionally, consider reaching out to Microsoft Support for further assistance and providing feedback on your concerns. This can help Microsoft understand the needs of their customers and potentially make changes based on this feedback.

In the meantime, you might explore alternative solutions or third-party tools that could help you achieve your desired functionality with Azure ATP (MDI).